This article contains the recommended policy for URL Filtering and Cloud App Control.

URL Filtering

Zscaler recommends that you configure the following URL Filtering policy:

• Rule Order: Select a Rule Order that is appropriate for your organization. Rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on).
• Rule Status: Select Enabled. Enabled rules are actively enforced.
• URL Categories: Select all categories in the Legal Liability class. To see which URL categories are in the Legal Liability class, see About URL Categories.
• HTTP Requests: Select All so that the rule is applied to all HTTP requests.
• Users: Select Any to apply the rule to all users.
• Groups: Select Any to apply the rule to all groups.
• Departments: Select Any to apply the rule to all departments.
• Locations: Select Any to apply the rule to all locations.
• Location Groups: Select Any to apply the rule to all location groups.
• Time: Select Always to apply the rule to all time intervals.
• Protocols: Select HTTP and HTTPS to apply the rule to these two protocols.
• Action: Select Block to block access to all sites in the selected URL categories.

Advanced URL Policy Settings

Zscaler recommends that you configure the following in the Advanced URL Policy Settings.

• Enable Suspicious New Domains Lookup: Select Enable. This enables you to use the Newly Registered and Observed Domains URL category in your URL Filtering policy.

• Enable AI/ML based Content Categorization: Select Enable. This enables the service to analyze the content of uncategorized websites using AI/ML tools to check if they belong to one of these URL categories:

  URL Categories 1

  URL Super Categories

  Alcohol/Tobacco

  Society and Lifestyle

  Anonymizer

  Illegal or Questionable

  Art/Culture

  Society and Lifestyle

  Blogs

  Internet Communication

  Classifieds

  Business and Economy

  Continuing Education/College

  Education

  Dining/Restaurant

  Society and Lifestyle

  FileHost

  Information Technology

  Finance

  Business and Economy

  Gambling

  Gambling

  1 to 10 of 29

  Page 1 of 3

  If the service determines the site belongs in one of those categories, it will categorize those sites and apply your policy accordingly.

• Enable Embedded Sites Categorization: Select Disable. With this disabled, the service won't enforce the URL Filtering policy for sites that are translated using translation service websites
• Enforce SafeSearch: Select Enable. This enables the service to only return safe content from searches on Google, Yahoo, Bing, Ask, Live, YouTube, blip.tov, Dailymotion, Flickr, AOL Video, and Friendster. SSL Inspection must be enabled for this option.

Generative AI Prompt

Zscaler recommends that you configure the following in the Advanced URL Policy Settings.

• ChatGPT: Select Enable. This enables the service to store and categorize the prompts up to 2 KB in size that are entered in ChatGPT.
• Gemini: Select Enable. This enables the service to store and categorize the prompts up to 2 KB in size that are entered in Gemini.
• Perplexity: Select Enable. This enables the service to store and categorize the prompts up to 2 KB in size that are entered in Perplexity.
• POE: Select Enable. This enables the service to store and categorize the prompts up to 2 KB in size that are entered in POE.
• Meta AI: Select Enable. This enables the service to store and categorize the prompts up to 2 KB in size that are entered in Meta AI.

Cloud App Control

Configure your Cloud App Control policy based on your corporate policy.